Privacy Policy

Passflow  ·  Effective date: May 6, 2026

1. General provisions

This Privacy Policy describes how Passflow (“the Application”) treats information when you use the iPhone client published by Pixaro Studio. By using the Application, you agree to this Policy.

2. What Passflow is

Passflow Key Vault is a private space for passwords, recovery codes, sensitive notes, mnemonics, and related credential material you choose to save. Sensitive content is encrypted on your device before it is stored; decryption is gated behind explicit unlock (your vault secret and, if you enable it, device biometrics).

3. Data collection

3.1 Permissions the Application may request

Access layers are invoked only via the standard iOS permission prompts and only when needed for optional features:

  • Face ID / Touch ID — optional shortcuts to authorize unlock or sensitive reveals; templates are validated by the Secure Enclave/local authentication stack. Secrets are never uploaded for this purpose.
  • Notifications — optional reminders tied to toolkit features where you explicitly enable alerts.
  • Contacts — if you initiate contact-picker flows while composing credential metadata, structured fields you select may be prefilled locally. No contact database upload is performed by us.
  • Photos / Camera / Microphone — mnemonic attachments, document capture, entropy sampling for localized generators, or media you explicitly choose to analyze. Outputs stay on-device unless you yourself export data.
  • Network path / Wi‑Fi tooling — high-level telemetry or probes you voluntarily run stays on device for history you keep; optional analytics do not ingest raw vault payloads (see Analytics).
  • Associated domains / Credential Provider APIs — used strictly to interoperate with iOS Password AutoFill and related platform surfaces; credentials never leave encrypted storage unlocked without your gesture.

You can revoke permissions anytime in Settings → Privacy & Security.

3.2 Information you voluntarily provide

  • Titles, URLs, mnemonic phrases, supplementary notes (plain or concealed), sketches, thumbnails, toolkit session labels
  • In-app preference toggles such as biometric opt-in
  • Support requests you choose to send to our team via email — those messages reside in your inbox thread and whichever mail provider you elect to use

3.3 Automatically collected telemetry

  • Technical diagnostics surfaced through integrations below (crash-free sessions, aggregated feature usage counters)
  • Region-locale proxies that mobile SDKs derive for entitlement checks — never substituted for vault payloads

4. Local storage & encryption

Structured records are persisted with Core Data and sealed using AES‑256 keyed material derived locally from your onboarding secret.

  • Ciphertext blobs, mnemonic assets, supplementary notes, toolkit logs you retain
  • Autofill-associated indices required for Credential Provider lookups
  • Biometric shortcut envelopes guarded by Secure Enclave access controls when opted in

We operate without a centralized “vault backend” belonging to Pixaro Studio; there is nowhere for us to read your ciphertext.

5. Analytics (Mixpanel)

We use Mixpanel to understand aggregated navigation and stability. Events are pseudonymous IDs without vault strings, mnemonic media, keystrokes, or clipboard exports. Refer to Mixpanel’s terms at mixpanel.com/legal/privacy-policy.

6. Paywall orchestration (Superwall)

Subscription presentation flows may call Superwall. Superwall observes payment surface analytics (shown paywall identifiers, SKU identifiers) necessary to unlock premium modules. Vault contents never traverse Superwall payloads. Privacy details: superwall.com/privacy.

7. How we use information

  • Deliver encryption, syncing between app extensions on the same device, and biometric-gated UX
  • Improve reliability via anonymized telemetry
  • Respond to lawful user support tickets
  • Detect abuse of commercial entitlements via App Store receipts

8. Data sharing

We do not sell personal data. Limited processors include Apple (payments, Push & biometric plumbing), Mixpanel (analytics), and Superwall (paywall instrumentation). Disclosure may additionally occur where law compels disclosure.

9. International users

Because vault material remains on device, there is minimal cross-border transfer attributable to Pixaro Studio. Telemetry vendors may operate globally — consult their notices for routing detail.

10. Security practices

We prioritize on-device cryptography, hardened keychain envelopes, Principle of Least Privilege for extensions, and regular dependency review. No remote database stores your ciphertext.

11. Children

Passflow is not directed at individuals under 13. We do not knowingly collect minors’ personal data beyond incidental App Store demographics.

12. Your rights

Depending on jurisdiction, you may exercise access, rectification, erasure, restriction, portability, or objection.

  • Most substantive data can be erased by uninstalling and destroying local backups yourself.
  • Where analytics vendors retain pseudonymous histories, submit requests through the contact route below alongside device identifiers exported from in-app diagnostics (if requested).

13. Subscriptions & payments

Transactions run through Apple In‑App Purchase. We never handle card PANs. Renewal, cancellation, and receipt validation follow Apple policies.

14. Changes

We may revise this Policy. Continued use after notices within the Application constitutes acknowledgement unless applicable law mandates express consent.

15. Contact

Questions about privacy or exercising rights?
luminityapple@gmail.com